Shares of Kotak Mahindra Bank tanked 13% to hit a 52-week low on Thursday after the Reserve Bank of India (RBI) directed the private lender to stop onboarding new customers through its online and mobile banking channels and issuing fresh credit cards.

Analysts say the banking regulator’s action may impede the lender’s retail business growth over the medium term.

Foreign brokerage Macquarie called the RBI’s business restrictions on Kotak Mahindra Bank a “significant setback”.

Kotak Mahindra Bank’s digital platform 811 allowed anyone to open a bank account online within minutes.

Analysts at Citi say the action would adversely impact the bank’s growth, net interest margin (NIM) and fee income.

Shares of Kotak Mahindra Bank hit a 52-week low of ₹1,602 in opening trade on the National Stock Exchange (NSE), taking the lender’s market cap to under ₹3.3 lakh crore.

Kotak Mahindra Bank is allowed to provide services to its existing customers, including its credit card customers. As on December 2023, the lender had a national footprint of 1,869 branches and 3,239 ATMs.

The banking regulator says its actions are necessitated based on significant concerns arising out of Reserve Bank’s IT examination of Kotak Mahindra Bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner.

Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc.

For two consecutive years, the Kotak Mahindra Bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under regulatory guidelines.

In the absence of a robust IT infrastructure and IT Risk Management framework, Kotak Mahindra Bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences, as per the RBI.

The regulator says that Kotak Mahindra Bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth.

In the past two years, the Reserve Bank has been in continuous high-level engagement with Kotak Mahindra Bank on all these concerns with a view to strengthening its IT resilience, but the outcomes have been far from satisfactory, the RBI says.

It is also observed that, of late, there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems, the regulator adds.

The Reserve Bank, therefore, has decided to place certain business restrictions on Kotak Mahindra Bank as mentioned above, in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems.

The restrictions now being imposed will be reviewed upon completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI.

Follow us on Facebook, X, YouTube, Instagram and WhatsApp to never miss an update from Fortune India. To buy a copy, visit Amazon.